Proceedings Article
Why phishing works
Rachna Dhamija, J. D. Tygar, Marti A. Hearst
pp. 581-590
TL;DR: This paper provides the first empirical evidence about which malicious strategies are successful at deceiving general users by analyzing a large set of captured phishing attacks and developing a set of hypotheses about why these strategies might work.
Abstract:
To build systems shielding users from fraudulent (or phishing) websites, designers need to know which attack strategies work and why. This paper provides the first empirical evidence about which malicious strategies are successful at deceiving general users. We first analyzed a large set of captured phishing attacks and developed a set of hypotheses about why these strategies might work. We then assessed these hypotheses with a usability study in which 22 participants were shown 20 web sites and asked to determine which ones were fraudulent. We found that 23% of the participants did not look at browser-based cues such as the address bar, status bar and the security indicators, leading to incorrect choices 40% of the time. We also found that some visual deception attacks can fool even the most sophisticated users. These results illustrate that standard security indicators are not effective for a substantial fraction of users, and suggest that alternative approaches are needed.
Citations
Proceedings Article
Cantina: a content-based approach to detecting phishing web sites
TL;DR: The design, implementation, and evaluation of CANTINA, a novel, content-based approach to detecting phishing web sites, based on the TF-IDF information retrieval algorithm, are presented.
Proceedings Article
Find me if you can: improving geographical prediction with social and spatial proximity
TL;DR: Using user-supplied address data and the network of associations between members of the Facebook social network, an algorithm is introduced that predicts the location of an individual from a sparse set of located users with performance that exceeds IP-based geolocation.
Proceedings Article
On Technical Security Issues in Cloud Computing
TL;DR: This paper focuses on technical security issues arising from the usage of Cloud services and especially by the underlying technologies used to build these cross-domain Internet-connected collaborations.
Proceedings Article
Learning to detect phishing emails
TL;DR: This method is applicable, with slight modification, to detection of phishing websites, or the emails used to direct victims to these sites, and correctly identifies over 96% of the phishing emails while misclassifying only on the order of 0.1% of the legitimate emails.
Journal Article
Graphical passwords: Learning from the first twelve years
TL;DR: This article first catalogues existing approaches, highlighting novel features of selected schemes and identifying key usability or security advantages, and reviews usability requirements for knowledge-based authentication as they apply to graphical passwords.
References
Journal Article
A Trust Model for Consumer Internet Shopping
Matthew K. O. Lee, Efraim Turban
TL;DR: The findings indicate that merchant integrity is a major positive determinant of consumer trust in Internet shopping, and that its effect is moderated by the individual consumer's trust propensity.
Journal Article
Evidence of the effect of trust building technology in electronic markets: price premiums and buyer behavior
Sulin Ba, Paul A. Pavlou
TL;DR: The authors examined the extent to which trust can be induced by proper feedback mechanisms in electronic markets, and how some risk factors play a role in trust formation, drawing from economic, sociological, and marketing theories and using data from both an online experiment and an online auction market.
Journal Article
An overview of online trust: Concepts, elements, and implications
Ye Diana Wang, Henry H. Emurian
TL;DR: An overview of the nature and concepts of trust from multi-disciplinary perspectives is provided, and a framework of trust-inducing interface design features articulated from the existing literature is presented.
Journal Article
Reflections on the dimensions of trust and trustworthiness among online consumers
TL;DR: A three-dimensional scale of trustworthiness dealing with integrity, benevolence, and ability in the unique case of online consumer trust is proposed, and the importance of examining the effects of each dimension individually is shown.
Proceedings Article
What makes Web sites credible?: a report on a large quantitative study
B. J. Fogg, Jonathan Marshall, Othman Laraki, Alex Osipovich, Chris Varma, Nicholas Fang, Jyoti Paul, Akshay Rangnekar, John Shon, Preeti Swani, Marissa Treinen
TL;DR: This large-scale study investigated how different elements of Web sites affect people's perception of credibility, and found which elements boost and which elements hurt perceptions of Web credibility.